request to backport ca-certificates-java 20190405 to stretch to fix an error
Dear backports team,
Could you please include ca-certificates-java version 20190405 into
the stretch-backports repository?
The ca-certificates-java 20170929~deb9u3, that is present in the
stretch repo, is not always able to generate or regenerate the Java
trust store that is suitable for openjdk-11-*. As a consequence, HTTPS
requests initiated from Java will fail. For example, the certificate
updater script will generate a wrong trust store file
(/etc/ssl/certs/java/cacerts) if installing openjdk-11-* when
openjdk-8-jre-headless has not already been installed.
Execution order and parametrization is important for the steps to
reproduce the problem:
sudo bash -c 'echo deb http://deb.debian.org/debian stretch-backports
main >> /etc/apt/sources.list'
sudo apt-get update
sudo apt-get remove --purge openjdk-*
sudo apt-get autoremove --purge
sudo apt-get install openjdk-11-jdk
# this is now a wrong state, HTTPS will not work from Java
sudo apt-get install maven
# do not install maven in one step with openjdk-11-jdk, as it will
install openjdk-8-jdk, which disallows reproducing
# maven cleanup for reproducing the HTTPS error, no matter if it prints errors:
rm -Rf ~/.m2/repository/ my-app/
# A lot of HTTPS- and trust store-related errors will pop up:
mvn archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app \
-DarchetypeArtifactId=maven-archetype-quickstart -DarchetypeVersion=1.4 \
-DinteractiveMode=false
HTTPS access will work after applying this workaround:
wget http://ftp.ca.debian.org/debian/pool/main/c/ca-certificates-java/ca-certificates-java_20190909_all.deb
sudo dpkg -i ca-certificates-java_20190909_all.deb
Note that ca-certificates-java_20190909_all.deb works out-of-the-box
on Debian 9, both with openjdk-8-* and openjdk-11-*.
Thank you for your help and cooperation in advance!
Best regards,
Krisztián
Reply to: